diff --git a/history/2026-07-06-t04-review-summary.md b/history/2026-07-06-t04-review-summary.md new file mode 100644 index 0000000..dc1c025 --- /dev/null +++ b/history/2026-07-06-t04-review-summary.md @@ -0,0 +1,164 @@ +# REUSE-WP-0017-T04 review summary + +Prepared for the T05 human-review-and-publish-pass checkpoint. Everything +below is generated from the actual files committed in each sibling repo +(not from drafting notes), so it reflects what would actually get pushed +and published. + +**Coverage: 61/61.** 48 repos have a capability entry, 13 have an explicit +`registry/NO_CAPABILITIES.md` marker, 0 remain unclassified. + +**What's new this session (T02–T04):** 30 sibling repos got a first commit — +13 no-capability markers (T03) and 17 newly drafted capability entries +(the first two T04 cohorts + this final cohort — see per-cohort commit +messages in `workplans/REUSE-WP-0017-capability-coverage-campaign.md` for +the exact 10/10/17 split). The other 18 `has` rows below already existed +before this workplan (activity-core, audit-core, config-atlas, +feature-control, flex-auth, identity-canon, ops-warden, repo-seed, +reuse-surface, shard-wiki, state-hub, plus the ones drafted in cohorts +1–2 — see the table for the full picture; cohort provenance is in the +workplan file, not repeated here). + +**Everything below is committed locally only.** Nothing has been pushed to +any sibling repo's remote. T05 is where you review, then push + +publish-check + hub refresh + `federation compose` happen. + +## How to review a single entry + +```bash +cd ~/ +git log -1 --stat # see exactly what was added +git show HEAD # full diff +cat registry/capabilities/.md # or registry/NO_CAPABILITIES.md +``` + +To push everything after review (per-repo, once you're satisfied): + +```bash +git -C ~/ push origin main +``` + +## Things worth a closer look before pushing + +1. **`the-custodian`** — the repo root carries an NDA/confidentiality + notice. The entry (`capability.agents.custodian-runtime-tooling`) is + deliberately scoped to only the non-confidential `runtime/` agent + framework and `tools/` repo-classification scripts; canon/memory content + is explicitly excluded in `discovery.excludes` and + `consumer_guidance.not_recommended_for`. Please double-check this + scoping is exactly right before pushing — this is the one entry where + getting the boundary wrong has real consequences. +2. **`vergabe-teilnahme`** — its own `SCOPE.md` is an unfilled template, so + the entry is honestly low (D1/A1/C0/R0) with a limitation note that + filling in SCOPE.md should happen before further promotion. +3. **`markitect-main`** — registered as a *superseded legacy platform*, + with `consumer_guidance.not_recommended_for` pointing new consumers at + its three successors (`markitect-tool`, `infospace-bench`, + `kontextual-engine`). Worth confirming that's the framing you want on + the record. +4. **`issue-core`** — migrated its own pre-existing + `CAPABILITY-issue-tracking.yaml` (a rich, non-standard capability + manifest with 109 tests / 61% coverage documented) into the standard + `registry/capabilities/` location, rather than drafting fresh. Worth + confirming nothing was lost in translation. +5. **Stale repo-seed-template READMEs** — `inter-hub`, `open-reuse`, and + `vantage-point` all still show the generic `repo-seed` bootstrap README + at their repo root; I used each repo's `SCOPE.md`/`INTENT.md` instead + (noted in each entry's discovery rationale) since those are accurate. + The stale READMEs themselves are a small, separate cleanup — not fixed + here, out of scope for this workplan. +6. **Forgejo-transition tooling surfaced along the way** — `railiance-enablement` + (`tools/promote-repo-to-forgejo.sh`), `railiance-apps` + (`tools/forgejo-smoke.sh`), and `the-custodian` + (`tools/patch-forgejo-remote-urls.sh`) all ship tooling directly relevant + to REUSE-WP-0019's host-migration inventory (T01) — worth cross-referencing + when that workplan starts. +7. **Two pre-existing roster rows had a stale `seed_capability_ids: []`** + despite having real, already-published entries: `activity-core` + (`capability.activity.event-coordinate`) and `ops-warden` + (`capability.security.ssh-certificate-issuance`). Fixed as a small + incidental correction in the roster — not new drafts, just a bookkeeping + gap from before this workplan. +8. **`config-atlas`** remains `publish_check: fail` (303 error) — tracked + separately as REUSE-WP-0017-T06, likely related to the Gitea→Forgejo + transition (REUSE-WP-0019-T01). + +## All 48 capability entries + +| Repo | Capability ID | Vector (D/A/C/R) | Summary | +|---|---|---|---| +| `activity-core` | `capability.activity.event-coordinate` | D3/A1/C1/R0 | Coordinate structured responses to cross-domain events through activity workflows and automation. | +| `artifact-store` | `capability.infotech.artifact-store` | D3/A1/C1/R0 | Generic artifact registry and storage gateway for generated outputs, evidence packages, reports, logs, snapshots, exports, and release artifacts. | +| `audit-core` | `capability.audit.event-retain` | D4/A2/C2/R1 | Collect, normalize, retain, and search audit events with integrity evidence across tenants. | +| `can-you-assist` | `capability.agents.cli-assistant` | D2/A2/C1/R0 | Console-native, backend-agnostic assistant CLI that expresses user intent in natural language and returns safe, explainable, context-aware help. | +| `citation-engine` | `capability.infotech.citation-engine` | D3/A1/C1/R0 | Core domain model and engine services for the citation-evidence ecosystem — shared vocabulary, in-memory repositories, orchestration services, event bus, and citation card renderers. | +| `citation-evidence` | `capability.infotech.citation-evidence-workspace` | D4/A1/C1/R0 | Document-centered evidence workspace for capturing, managing, presenting, and re-opening citations — the umbrella application over the citation-evidence six-package design. | +| `config-atlas` | `capability.infotech.config-surface-atlas` | D5/A0/C2/R2 | Read-first, cross-kind map and evidence layer for configuration surfaces — what configures a system, who owns it, its scope, and where the source of truth lives. | +| `email-connect` | `capability.infotech.email-connector` | D2/A1/C1/R0 | Headless, provider-neutral email communication and evidence service; first slice scans a mailbox or fixture directory and produces timestamped CSV evidence reports. | +| `feature-control` | `capability.feature-control.evaluate` | D5/A4/C3/R3 | Evaluate whether a feature is active, hidden, disabled, or unavailable for a subject in context. | +| `flex-auth` | `capability.authorization.policy-evaluate` | D4/A2/C2/R1 | Evaluate access decisions from policy-as-code rules for subjects, resources, and actions. | +| `guide-board` | `capability.communication.compliance-evidence-framework` | D2/A2/C1/R0 | Framework that turns standards, conformance, regulatory, and repository-quality claims into structured, reviewable, repeatable, comparable evidence via a pluggable extension architecture. | +| `hub-core` | `capability.infotech.hub-core-library` | D2/A1/C1/R1 | Reusable FastAPI, SQLAlchemy, and MCP primitives extracted from the State Hub for use by other FOS (Federation of Services) hubs. | +| `identity-canon` | `capability.identity.subject-resolution` | D3/A0/C1/R0 | Resolve who or what is acting in a context by mapping principals, accounts, actors, and identifiers to a stable subject model. | +| `info-tech-canon` | `capability.infotech.canon-service` | D2/A2/C1/R0 | Concrete service surface (CLI, importable functions, read-only local HTTP API) over the InfoTechCanon information-processing infospace, backed by infospace-bench. | +| `infospace-bench` | `capability.communication.infospace-workspace` | D3/A1/C2/R1 | Workspace and service for creating, developing, evaluating, and inspecting structured knowledge spaces (infospaces); application-layer successor to the infospace work begun in markitect-main. | +| `inter-hub` | `capability.infotech.interaction-hub-framework` | D3/A1/C1/R0 | Specification and reference implementation of a governed, observable interaction substrate connecting rendered UI widgets to structured feedback, requirements, decisions, implementation changes, and observed outcomes. | +| `issue-core` | `capability.infotech.issue-tracking` | D4/A2/C2/R1 | Unified Python/CLI interface for issue tracking across Gitea, GitHub, and GitLab, preventing direct platform API usage and credential sprawl for coordinating agents. | +| `kaizen-agentic` | `capability.agents.kaizen-framework` | D3/A2/C1/R0 | AI agency framework providing 18 specialized deployable agent instruction sets plus persistent, project-scoped memory and cross-agent coordination via a Coach meta-agent. | +| `key-cape` | `capability.iam.key-cape` | D4/A2/C2/R1 | Lightweight-mode implementation of the NetKingdom IAM Profile (versioned OIDC/PKCE contract), orchestrating Authelia, LLDAP, and privacyIDEA so applications integrate against the profile, not against implementation internals. | +| `kontextual-engine` | `capability.communication.context-engine` | D4/A1/C1/R0 | Headless knowledge-operations engine turning heterogeneous information assets into persistent, contextual, governed, retrievable, transformable, and agent-operable knowledge. | +| `llm-connect` | `capability.agents.llm-connector` | D3/A2/C2/R1 | Provider-neutral Python/CLI LLM adapter library supporting OpenRouter, Gemini, OpenAI, and the Claude Code CLI out of the box, with a clean abstract interface for adding new providers. | +| `markitect-filter` | `capability.communication.markitect-source-adapters` | D2/A1/C1/R0 | Concrete source-format adapters (EPUB3, PDF) converting external document formats into canonical Markitect Markdown, implementing the markitect-tool source adapter contract. | +| `markitect-main` | `capability.communication.markitect-legacy-platform` | D3/A1/C1/R0 | Intelligent markdown engine and information-management platform treating documents as structured, queryable information spaces with schema validation, transclusion, and LLM-driven evaluation; the legacy umbrella now being split into markitect-tool, infospace-bench, and kontextual-engine. | +| `markitect-quarkdown` | `capability.communication.markitect-quarkdown-adapter` | D3/A1/C1/R0 | Concrete Quarkdown render/export adapter for Markitect, mapping Markitect profiles to Quarkdown profiles and running controlled Quarkdown CLI execution plans without forking or reimplementing Quarkdown. | +| `markitect-tool` | `capability.communication.markitect-toolkit` | D4/A2/C2/R1 | Markdown-native toolkit and CLI (mkt) for turning semi-structured Markdown into structured, queryable, reusable knowledge artifacts; syntax-layer successor to markitect-main. | +| `net-kingdom` | `capability.security.iam-tooling-suite` | D3/A2/C1/R1 | Dynamic, self-optimizing security platform for Kubernetes-deployed IT infrastructure; owns canonical IAM/security standards and executable conformance tooling (IAM profile conformance, playbook capability contract validation, security bootstrap console). | +| `open-cmis-tck` | `capability.cmis.tck` | D2/A1/C1/R0 | CMIS conformance-preparation extension for guide-board, keeping CMIS-specific runner code, profiles, capability mappings, and workplans outside the generic compliance framework. | +| `open-reuse` | `capability.infotech.oss-integration-continuity` | D2/A1/C1/R0 | Turns proven open-source integrations into structured, maintainable, continuously managed assets with clear boundaries and update loops, so they remain robust and transparent as upstream evolves. | +| `ops-bridge` | `capability.ops.tunnel-bridge` | D3/A2/C2/R1 | CLI that manages named SSH reverse tunnels keeping remote execution environments connected to the local Custodian State Hub, with auto-reconnect, health checks, and structured audit events. | +| `ops-warden` | `capability.security.ssh-certificate-issuance` | D4/A3/C3/R2 | Issue short-lived CA-signed SSH certificates for adm, agt, and atm actors through a stable cert_command CLI interface; steward operational access routing across NetKingdom security lanes. | +| `phase-memory` | `capability.memory.phase-planning` | D3/A1/C1/R0 | Interprets Markitect memory profiles as runtime plans, modeling memory phases and producing deterministic dry-run actions for retention, refresh, compaction, stabilization, and activation. | +| `railiance-apps` | `capability.railiance.workload-deployment-tooling` | D3/A2/C1/R1 | S5 Workloads and Experience Endpoints layer of the Railiance OAS Stack — application Helm releases, Kubernetes workload manifests, deployment guardrails, and smoke-test/check tooling for user-facing services. | +| `railiance-cluster` | `capability.railiance.cluster-bootstrap` | D3/A2/C1/R0 | Cluster runtime entry point of the Railiance Infrastructure-as-Code framework: from two bare Linux servers, a Git repo, and credentials, rebuilds a fully automated Kubernetes-based environment. | +| `railiance-enablement` | `capability.railiance.ci-enablement` | D3/A2/C2/R1 | S4 Developer Enablement layer of the Railiance OAS Stack — reusable CI/CD workflow templates, developer portal paths, platform templates, SDKs, and buildpacks, using forge capabilities without owning forge runtime. | +| `railiance-fabric` | `capability.railiance.fabric-graph` | D3/A1/C1/R0 | Models the durable infrastructure-responsibility graph of the Railiance netkingdom: schemas, discovery tools, registry services, graph queries, and State Hub export contracts for services, machines, repos, deployables, endpoints, ownership, dependencies, and bindings. | +| `railiance-forge` | `capability.railiance.forge-infrastructure` | D3/A1/C1/R0 | Source forge, registry, and automation-runner infrastructure for Railiance, separated out from railiance-apps/railiance-enablement; covers current Gitea operation, the Forgejo migration, container/package registries, and Actions runner substrate. | +| `railiance-infra` | `capability.railiance.infra-provisioning` | D4/A2/C2/R1 | Git-driven server provisioning and convergence for Hosteurope/Hetzner Cloud using Terraform, cloud-init, and Ansible, with SOPS+age encrypted in-repo secrets and a servers.yaml inventory as source of truth. | +| `railiance-platform` | `capability.railiance.platform-services` | D3/A2/C1/R0 | S3 Platform Services layer of the Railiance OAS Stack — shared cluster services: PostgreSQL HA, Valkey cache, secret management, identity integration, and object storage. | +| `repo-scoping` | `capability.agents.repo-scoping-service` | D2/A2/C1/R0 | Maps repositories from usefulness to implementation (Ability -> Capability -> Feature -> Evidence -> Code location) via a Python registry core, FastAPI HTTP API, and curator UI. | +| `repo-seed` | `capability.infotech.repo-template` | D3/A3/C2/R2 | Bootstrap new git repositories with agent instructions, registry scaffold, and State Hub onboarding conventions. | +| `reuse-surface` | `capability.registry.register` | D3/A4/C2/R3 | Register a new capability so it becomes visible for planning and implementation reuse. | +| `shard-wiki` | `capability.wiki.shard-orchestration` | D5/A2/C2/R1 | Present a union of pages across heterogeneous wiki-shaped shards while preserving each shard's provenance, capabilities, and history. | +| `state-hub` | `capability.statehub.progress-log` | D4/A4/C3/R3 | Record progress events, decisions, and session notes against workstreams and tasks in State Hub. | +| `the-custodian` | `capability.agents.custodian-runtime-tooling` | D2/A1/C1/R0 | Generic tooling from The Custodian's runtime and ecosystem-management surface: an agent runtime framework (context, actions, tool adapters, policies) and repo-classification batch tooling used across the workstation's 61 repos. | +| `user-engine` | `capability.identity.user-engine` | D4/A1/C2/R0 | Headless, multi-application, multi-tenant user management engine covering registration, identity/factor models, entitlement claims, hats/realms/services/assets access profiles, and onboarding journeys. | +| `vantage-point` | `capability.graph.nbgm-spec` | D2/A0/C1/R0 | Generic system and versioned protocol specification for exploring dependency structures as network-based graph models (NBGM), unifying entity/relationship inspection and reasoning across arbitrary domains. | +| `vergabe-teilnahme` | `capability.procurement.vergabe-teilnahme` | D1/A1/C0/R0 | Django application (with a Vite/Tailwind frontend) for managing German public-procurement (Vergabe) tender participation — Ausschreibungs- und Teilnahme-Management-System. | +| `whynot-design` | `capability.design.whynot-system` | D3/A2/C2/R1 | Framework-agnostic visual language for whynot prototype/market-signal artefacts: design tokens, drop-in CSS, Lit-based web components usable from React/Django/Vue/plain HTML, and Django template adapters. | + +## All 13 explicit no-capability markers + +| Repo | Reason | +|---|---| +| `agentic-resources` | INTENT/SCOPE are aspirational HR-for-agents vision prose; no src/, no package manifest — vision-stage only, nothing implemented to reuse. | +| `citation-work` | Only INTENT/SCOPE/registry/workplans describing a review workbench; no source implementing it yet. | +| `coordination-engine` | Ambitious coordination-framework prose in INTENT, but only history/spec/registry dirs exist — no runtime code yet. | +| `domain-tree` | Only registry/workplans; SCOPE explicitly defers ownership of implementation to State Hub. | +| `evidence-anchor` | Only INTENT/SCOPE/registry/workplans; the anchoring/highlighting layer is described but not implemented. | +| `evidence-binder` | Only INTENT/SCOPE/registry/workplans; the binding model is described but not implemented. | +| `evidence-source` | Only INTENT/SCOPE/registry/workplans; the ingestion/extraction layer is described but not implemented. | +| `helix-forge` | Draft-status (intent_version 0.1.0) capability-ecosystem vision; only design assets and standards docs exist, no packaged implementation. | +| `human-resources` | Aspirational HR-for-humans intent prose plus registry/workplans; no implementation. | +| `ihp-railiance-probe` | Self-described in its own INTENT as a probe, not a product — a pipeline-validation canary app, not intended for reuse. | +| `ops-hub` | Only a single diagnostic bootstrap-API probe script exists; the described operational-truth surface (hosts/services/incidents/runbooks) isn't implemented yet. | +| `tegwick-control` | Personal life/company planning notes (areas/, agent-tasks/) — a private portfolio-tracking meta-repo, not a reusable product component. | +| `whynot-control` | Business-signal/beta-tracking scaffolding (betas/, prototypes/, offers/, signals/) with only README stubs — no independent reusable component. | + +## Next steps (T05) + +1. Review the flagged items above, especially #1 (the-custodian confidentiality scoping). +2. Spot-check a sample of entries against the actual repos if you want deeper confidence beyond this summary. +3. Push the sibling-repo commits (30 repos have new commits this session; see `git log --oneline -1` in each). +4. `establish --publish-check` per repo where the raw URL needs confirming. +5. `reuse-surface federation compose` + catalog + graph regeneration in this repo. +6. Then T06 (config-atlas 303 fix) can proceed independently. diff --git a/registry/federation/local-repo-roster.yaml b/registry/federation/local-repo-roster.yaml index 9d3ab18..2d05501 100644 --- a/registry/federation/local-repo-roster.yaml +++ b/registry/federation/local-repo-roster.yaml @@ -23,7 +23,8 @@ repos: capability_count: 1 capability_status: has seed_from_reuse_surface: false - seed_capability_ids: [] + seed_capability_ids: + - capability.activity.event-coordinate hub_registered: true publish_check: pass batch: B01 @@ -455,7 +456,8 @@ repos: capability_count: 1 capability_status: has seed_from_reuse_surface: false - seed_capability_ids: [] + seed_capability_ids: + - capability.security.ssh-certificate-issuance hub_registered: true publish_check: pass batch: B04